Factory Reset Protection: what you need to know

Factory Reset Protection helps keep your data safe if your phone is lost or stolen, but you need to remember to disable it before a new user can set it up and sign in.

Factory Reset Protection (FRP) is a security method that was designed to make sure someone can't just wipe and factory reset your phone if you've lost it or it was stolen. Starting with Android Lollipop, FRP is "standard" in vanilla Android, and most companies making our phones have implemented it in their own models. It's a good thing — it makes a stolen phone harder to use, which makes it less appealing to thieves, and anything that can protect our data on a phone we've lost is welcome.

The problem is that people are selling or trading or even giving away phones with FRP enabled and this makes things difficult for the next user.

How it works explains why. If you reset a phone with FRP enabled, you have to provide the user name and password for the last Google account that was registered with the device. There are random work-arounds on the Internet, but they tend to get patched almost as soon as they are discovered. You'll pretty much need to know the login details for the last account to use the phone before you can do anything with it if FRP was enabled before you reset it.

We've been bitten by this ourselves. We ship phones all over North America and the U.K., and sometimes it's easy to forget about FRP when you wipe the data on a phone and stick it in a box. And yes, we end up having to share a password to get past the initial setup — you can't reset a protected phone for 72 hours after a password change, so "temporary" passwords aren't going to work. Never (and I mean never) reset a phone without turning FRP off during that 72 hour time period. There is nothing but heartache and pain at the bottom of that hole.

The good news is that disabling FRP is easy. The bad news is that there is nothing to remind you to do it when you're wiping your phone. I would love to see a reminder about FRP when resetting, much like the one we see now about losing our accounts and data. Until then, it's up to you to remember to disable it when you're getting a phone ready to send to someone else. The process:

Open your device settings and remove any security you have for the lock screen. This isn't a required step for all phones, but some want you to do this so we're including it here.

Once that's done, you need to remove any and all Google Accounts from the phone or tablet. That's also done in the settings — look for a section labeled Accounts. With an account selected, look for a delete or remove option, usually hidden behind the three little dots in the top corner of the screen.

When you've made sure all of the Google accounts have been erased, you can then factory reset your phone or tablet through the device settings.

The good news is that disabling FRP is easy. The bad news is that there is nothing to remind you to do it when you're wiping your phone.

A couple notes need added here. This doesn't undo Samsung's (or anyone else's) version of Reactivation Lock. If you've enabled data reset protection through your Samsung account, you'll need to turn that off in your Security settings. You can find the switch under the "Find My Mobile" section.

If you've forgotten to turn off FRP and sent a phone to someone else, you'll likely need to help them get it setup. This means giving them access to your Google account password. Do that while you're talking to them, and as soon as they are done you'll want to reset your account password. This sounds sketchy, but be a good seller and do the right thing. Then change that password ASAP because you never want anyone else to have your Google password. I'm sure you can see why disabling FRP before you send a phone off to someone else is a much better solution.

While we haven't seen headlines telling us mobile phone theft is down by any measurable percentage since FRP was enabled, it's still a good way to keep your data safe. And it's pretty easy to disable when you want someone else to be able to use your old phone.

A few words for Android power-users:

If you change the default security on your phone (root, unlock your boot loader, or simply check the box to allow it) this issue and these instructions are not for you. Most things related to security and OS integrity are not for you, because you elected to take care of those issues yourself. That's not a bad thing, unless you checked boxes and did things without understanding the implications.

Remember, we're the 1-percenters when it comes to Android. We aren't the people something like FRP was designed for because we care about unlocked boot loaders and don't want someone to worry about protecting us from ourselves or anyone else.

If you're using a phone that's not running Android as written, it may or may not use the same reset protection methods. Those particular devices are best covered with their own article talking about their own methods of theft-prevention. Those are coming.

Also — If you're using a phone that was shipped with a version of Android older than 5.1.1, this may or may not apply to you — that's up to the manufacturer to decide. Likely no update will enable FRP on a phone that didn't ship with it in the first place.

Reader comments

Factory Reset Protection: what you need to know

Hi guys, i need some help here. Today i've rebooted my Apollo Lite but when i try to access the phone putting my key it says that it is wrong. I'm pretty sure that i'm not wrong and i didn't changed it so what happened here? How can i get access to my phone? The SIM card PIN it's Ok. I've done a factory reset but it keeps asking me for a PIN code. Help please!

Hi there, i factory reset a used phone from the recovery screen, without doing all the FRM safeguards. so far all attempts at contacting the original owner to aid in the setup with his gmail/pass have been fruitless. I've read on some sites to wait 24, 48 or 72 hours. i've tried to sign on after 24, 48 nd now 72 hours. does it have to be 72 hours uninterupted? should i factory reset, and just leave it alone for 72 hours? please help, i getting the sinking feeling i've bricked a phone i just purchased.

This JUST happened to me. Bought a used T-mobile Galaxy S7 from swappa. Was freaking out a little bit and getting ready to blast the seller and request a refund... then calmed down and was able to bypass the lock. Not sure how long the workaround will last but simply search on Youtube for it. I'm telling swappa to update their checklist to include removal of FRP.

It’s a horrible feeling when your phone is locked behind a passcode you just can’t remember. Luckily, this Dr.Fone for Android can help you remove the pattern, fingerprints, PIN and password without data loss.

I get the new Samsung every year and give away my previous to friends who cant afford them. I usually just reset the phone and they have to set it up as though it was new. There was never any issue with this stuff...

just got a Galaxy S6 edge Previously locked into the Tmobile Network, used the Tmobile Unlock App and as soon as the Phone conducted an Automatic Reset it bricked. The damn thing is practically useless, it won't charge or turn on. It will blink a battery sign and display the usual FRP crap. Thanks Android for trying to be like IOS...if i wanted an Iphone I would have gotten one.

Nice Article at all but some things are simply not true. I'm involved in lots of Android trainings and FRP is a big topic for the salesstaff we train. The only thing you have to be aware of is to do a factory reset only via the normal setting (Backup&Reset - Factory Reset) to avoid the Android Factory Reset Protection to look the phone. So there is absolutly no need to remove the Google-Account or the Screen lock before. FRP only locks your Phone if you performe a Factory Reset via the Bootloader (Like a thief would do) ! I just tested this with two Nexus 6s and there is absolutley no doubt at least for vanilla Android. Have a nice day and don't forget to reset your phone properly before you sell it ;)

So if I did a factory reset in the settings menu and then for added piece of mind did one in recovery without signing back into the phone am I ok? I just sold the phone on swappa and want to make sure the seller can set up the phone

As you can see from these comments and the numerous threads about the issue in the forums, this is a real thing even if some of us haven't encountered it :)

If you change the default security on your phone (root, unlock your boot loader, or simply check the box to allow it) this issue and these instructions are not for you. Most things related to security and OS integrity are not for you, because you elected to take care of those issues yourself. That's not a bad thing, unless you checked boxes and did things without understanding the implications.

Remember, we're the 1-percenters when it comes to Android. We aren't the people something like FRP was designed for because we care about unlocked boot loaders and don't want someone to worry about protecting us from ourselves or anyone else.

If you're using a phone that's not running Android as written, it may or may not use the same reset protection methods. Those particular devices are best covered with their own article talking about their own methods of theft-prevention.

Also — If you're using a phone that was shipped with a version of Android older than 5.1.1, this may or may not apply to you — that's up to the manufacturer to decide. Likely no update will enable FRP on a phone that didn't ship with it in the first place.

Apologies for any confusion here. Having a million or so different products all doing different things but still using the Android brand makes everything harder than it should be. :)

I went ahead and added this to the post itself to prevent any further confusion. I didn't mean to forget the power users, I just wanted to not confuse the "normal" users. Something I need to work on a little harder :)

Just like the thing on iPhone where you have to disable "Find my iPhone" or delete icloud account before resetting it. Having worked in phone repair I've seen it on many iphones, so far I have only seen it once on a Samsung phone, can't remember which one

I've got a similar issue.
Virtually brand new boxed Nexus 9. Purchased 2nd hand, seller won't bother to respond to my enquiry.
I've seen it working so I know it wasn't "found' in the park.
Don't really know what to do now.
Any suggestions?

I had this problem when I bought my second hand Nexus 6 from eBay last October. I had to contact the seller and ask him to give me his account details so I could wipe it properly. It was an awkward thing to have to do but he was very good about it. If he had been difficult about it I would have had to get a refund as it is a brick without it.

This is news to me. I have sold a couple phones on lollipop with different manufacturers. I go to settings and do a factory reset. I've never have had a problem. It appears this is only an issue when you do the reset from the boot menu. Maybe clarify this point in the article. I think Jerry might be putting a little green in the vape.

I've never even heard of this and I consider myself a power user. This really needs to be an option in a menu, not some weird automatic thing. I've never deleted my accounts first when selling any phone on swappa or on eBay etc... Never heard from buyer that they had an issue either

What if you change the Rom to custom. Will it still ask for that account or not. I don't think it asked me when I flashed custom Rom (which had every Samsung stuff removed) on an s6 after enabling reactivation lock

I think it's built under the impression that you have pin, pattern or other sort of security in place. Past couple phones I've set up have asked me to set something up during the account login process.
Otherwise I think you don't really care about the phone or its contents in the first place.

To do that, you would first have to get into the phone. If you have a lock pin or pattern set up, that becomes pretty dang hard. Hence why you should ALWAYS have some sort of lock on your phone. Yeah it takes another half second to unlock your phone, but well worth it.

This is relatively new, so it hasn't become a huge issue yet, but I'm sure it will. Like mentioned in this article, there really needs to be some sort of warning when you reset at the very least. I feel Windows Phones have the best implementation of this (Windows 10 Mobile). Not only do they provide a warning before a factory reset, but they make you put in your Microsoft Account password in order to do it. The only way around this is to Factory reset with hardware key combonations only, which very few people know how to do. And even if you go this route and forget to disable the security. You just need to log in to your MSA online and they will give you a 25 character key to provide the new user of the phone, so you don't ever have to disclose your password.

It's probably worth noting in the article that enabling "OEM unlocking" under developer settings disables Device Protection" which FRP falls under. I tested this on my phone and was able to factory reset and then set up the phone again although I didn't try using a different account after resetting.

Yes however if you install a custom ROM don't ever remove OEM unlock and reboot, if you want to turn on your phone! I did that lastnight the darn thing went into FRP lockdown so I flashed it with stock rim then when booting the phone it asked me to login to a wifi that the phone was on to verify my identity. Then that went ok but it asked me to log in to my Google account. So of course I don't know my password. So it asked if I wanted to reset with an SMS and I said "YOU'RE GODDAMN RIGHT" WELL now I'm hooped with no options than to wait? WAIT??? WTF GOOGLE YOU FKN IDIOTS!!!!! ITS MY FKN PHONE AND I HAVE THE RIGHT TO USE IT HOWEVER I WANT! THIS IS BS WITH A CAPITAL PARAGRAPH!!!!!!

This is exactly what it's for. The article is a bit misleading. It should be noted that is mostly an issue when you reset a phone in recovery and not in the settings since you are already logged into the phone. Now I could be wrong but this was only an issue on my Note 4 and ZF2 when I reset in recovery. I didn't have that issue on my Priv through settings.